Newsgroups: php.internals
From: ayesh@php.watch (Ayesh Karunaratne)
Date: Sun, 3 Mar 2024 11:12:13 +0700
Subject: Re: [PHP-DEV] [RFC] [Discussion] Deprecate GET/POST sessions
To: Kamil Tekiela
Cc: PHP internals

> Hi Internals,
>
> I would like to start a discussion on a new RFC
> https://wiki.php.net/rfc/deprecate-get-post-sessions
>
> Please let me know whether the idea is clear and the RFC is understandable.
>
> In particular, I am looking for any feedback as to why this is a bad
> idea. The primary motivation behind this RFC is to reduce potential
> security pitfalls.
>
> Regards,
> Kamil Tekiela

Hi Kamil,

I quite like the idea, and I think the RFC motivation, impact, and scope are clear as well.

The PHP 8.4 deprecations RFC also proposes to deprecate the SID constant; perhaps it's something worth mentioning in this RFC too?